<?php
/* FILE: process_password_reset.php
 * DESCRIPTION: Process called when user presses the submit button on password_reset.php
 * POST DATA: new_pass, confirm_pass
 * GET DATA: un (user name), cd (user join date)
 */
	include('config.inc');

	$newPass =  (string)$_POST['new_pass'];
	$confirmPass = (string)$_POST['confirm_pass'];
	$user = (string)$_GET['un'];
	$date = (string)$_GET['cd'];

	//Check to see if passwords match, if not, throw error
	if($newPass != $confirmPass)
	{
		header('Location: new_password.php?err=nomatch');
	}
	//Otherwise update the password
	else
	{		
		$updateQuery = 
			"UPDATE user SET user_pass = '"
			. mysql_real_escape_string(md5($newPass))
			. "' WHERE user_name = '"
			. mysql_real_escape_string($user)
			. "' AND user_join_date = '"
			. mysql_real_escape_string($date)
			. "';";
		if(!$updateQueryResult = mysql_query($updateQuery))
			die($updateQuery);
		//Jump back to main page
		header('Location: index.php?err=resetsuccess');
	}
?>